Articles

“Scary and outrageous” is how Martha Cichelli, founder of Software Consulting Services (SCS), characterized a cryptoviral extortion racket that victimized one of its newspaper customers recently.

The Trinidad Express, a daily paper in the Republic of Trinidad and Tobago, had found itself essentially locked out of its own production system – SCS/Track – unable to pick up electronic print ads from one edition of the paper to the next. Unbeknownst to the paper, it had been infected with a variant of the CryptoLocker virus – a piece of ransomware that encrypts computer files so that they are made inaccessible to their owners until a monetary ransom is paid the virus’ creator.

CryptoLocker emerged as a new online threat in 2013, infecting Windows-based computers by means of email attachments disguised as innocuous files that are actually malware. A recent, high-profile case involved a California hospital that was locked out of its own medical records system for 10 days, until it paid a $17,000 ransom. Due to CryptoLocker’s success at extorting millions of dollars from its victims, a number of copycat schemes followed.

The one that hit The Trinidad Express was known as the .Micro File Virus, so named because the files that it infected were tagged with a .micro file extension, according to Michael Grabowski of SCS, who was tasked with helping rescue the paper from its predicament.

“The reason they couldn’t do pickups is because you would try to do the pickup and [SCS/Track] would show you all the source and destination files, but all the source files had ‘.micro’ extensions,” Grabowski said. “As soon as I saw that, I pretty much knew that it was some variant of a CryptoLocker [virus].” Further investigation revealed that the paper’s shared file directory of current ads “had about 8,000 infected files in there.” These were classified and retail display ads, many of which would have to be rebuilt by the creative services team unless Grabowski and The Express’s IT team could isolate the virus and recover the files. It was either that or the paper would have to pay a ransom and hope the cybercriminal responsible for the virus provided a key to decrypt the infected files.

Halting the Spread; Restoring from Backup

Once he had identified the problem, Grabowski, working with his IT counterparts at the paper, disabled sharing on the directories found to contain infected files, preventing further spread of the virus. Next, they found and isolated the machine where the virus originated, and while the local IT experts “did all the cleaning of it and wiping of it” with anti-virus software and updated virus definitions, Grabowski used a nightly backup to restore files to a state before they became infected. “Certainly there were some files from that day [which didn’t exist when the backup had been performed] that may have been lost – there would be nothing much we could do there – but we got 8,000 files off the backup,” Graboswki said. “I would say for the most part, there might have been a little work they had to do to recover, but it seemed like they had most of their stuff back that they needed at that time.”

Marlon Villarroel, an IT associate at the paper who worked through the crisis with Grabowski, said the virus couldn’t have happened at a more inopportune time – on a Friday, after 5 pm, local time. “Fridays are our busiest time throughout the week, because [we] have to prepare for the weekend publications as well as the publication on Monday morning.” He reported it took only 5-10 minutes to enlist SCS’s support after the paper’s initial plea for help, and “we were able to rectify the problem within two to three hours.” The recovery effort “pushed us back a little bit, but it wasn’t serious or critical,” he said. “We were able to continue work as normal after that.”

“It was good to see [that SCS was] able to respond so quickly,” Villarroel said. “Thank God that we had a backup of these files and Mike was able to restore [them] from the backup.”

Grabowski acknowledged: “It was no ride in the park, but I was pretty happy, given the circumstances, what we were able to recover.”

Follow-up

In addition to the initial recovery, it took about a week, according to Villarroel, to tie up all the loose ends associated with the event, removing “all those residual files that the virus will create” and securing the entire network against re-infection. “Michael was very patient with us, and we appreciate that,” he said.

Grabowski said it helped that The Express had competent IT support on-site to work with him, noting that a lot of smaller papers have outsourced or otherwise lost their in-house technology resources. “Getting in touch with the outsourced people make it very difficult to get anything done, because in an emergency state like this, I need feedback from the site right away,” he said. He noted that it was “concerning” to him that many of the third-party IT companies that newspapers hire for outsourced IT expertise are unqualified, struggling with simple IT tasks. “It’s like major surgery for them.”

“When you’re working with the same person over and over again” – like Marlon or his colleague Sheldon at The Express – “they’re going to get it done,” he said.For papers with limited IT resources, SCS has shifted to a subscription-based model of providing a broader range of “Managed Services” in support of its suite of advertising solutions and the hardware on which they run.

Grabowski also pointed out that the up-to-date versions of its software – also subscription based now – are less vulnerable to CryptoLocker-style attacks than earlier perpetual-licensed versions that some of its existing customers are still using. Specifically, anyone on Version 2 or less of SCS/Track is more vulnerable to these attacks, and anyone on Version 3 or greater is safe, by virtue of a change in the way files are shared.

“The newest version of SCS/Track has significantly beefed up resilience to malware across all platforms,” said Richard Cichelli, president of SCS. Windows-based servers and Windows workstations, he noted, are more susceptible to malware attacks than, for example, a Linux/Scribus-based system. “We support, but do not recommend, having Windows-based servers being used along with our applications,” he said. “We have had to go to extraordinary means to protect our customers’ data when such platforms are part of their configurations.”

Grabowski said that SCS has had “two other significant instances beside [Trinidad] where this has happened” - both involving Windows-based platforms. SCS’s normal subscription services cover all recovery activity in cases such as these.

How many vendors to the newspaper industry – especially software vendors – can boast 40 years in business under the same owner?

That’s the milestone Martha Cichelli reached in November in 2015, celebrating the ruby anniversary of her founding of Software Consulting Services (SCS), a small, family-owned start-up whose systems would become the heartbeat of hundreds of newspapers – large and small – throughout North and South America.

SCS’s core product, Layout-8000™, is now a central component of the production and advertising systems in dozens of the largest papers in the United States, and is widely considered the standard for automated advertising dummying solutions in the newspaper industry. Dominant newspaper chains – including Gannett, Tribune, Lee Enterprises and Advance Publications – are among its devoted users, as are hundreds of small and medium-sized independent papers.

Most recently, SCS shifted its focus to include a broad range of subscription-based solutions and services for newspapers, including: advertising, editorial, digital asset management, and color management. The FotoWare digital asset and color management software it markets, sells and installs has a customer base that extends beyond newspaper customers to include The White House Historical Association, the Ford Foundation, Hewlett Packard, the city of Toronto, and Lubrizol (a Berkshire Hathaway company), among others. The pivot helped keep SCS responsive to the evolving needs of its customers, and has provided the company some traction in expanding its services beyond the niche for which it is better known.

Up till now, “we have been the kings of interfacing,” Cichelli said. “We’ve interfaced [Layout-8000] to every front-end system out there and to numerous pagination systems, including QuarkXPress in 1987 which established the viability of desktop publishing tools as an alternative to proprietary newspaper vendor provided systems.” But what SCS is discovering, she said, is that bundling the ad dummying software with its own advertising and editorial solutions, and offering the whole system to newspapers by monthly subscription, provides advantages to both SCS and its customers that had not previously been realized. “We … find it much easier to do it all … than having to interface to lots of other systems,” she said, “and that’s what we’re working toward.

The initiative has led to recent sales of SCS’s so-called Community Advertising System to The Lawton (OK) Constitution, The Falmouth (MA) Enterprise, and the Virgin Islands Daily News, among others.

Humble Beginnings

The shift in business models is not the first for SCS since its humble beginnings in the mid-1970s, with Cichelli programming, her husband, Richard, helping out with part-time consulting, a neighbor (who is still with the company as its controller) handling marketing and sales, and fairly soon thereafter the addition of another programmer and two summer interns.

The company didn’t start off writing software for newspapers, but rather did custom programming and data analysis for a variety of customers – businesses, organizations and individuals. Cichelli said, “It wasn’t products that I was making.” Rather, it was her facility with math and her computer programming skills that lent themselves to providing consulting services at a time when desktop computing was just in its infancy. She said she simply “did things that people wanted done,” but couldn’t do for themselves.

That meant, for example, writing a custom desktop scheduler and calendar for a “forward thinking” American Express executive – “stuff that you’d get for free now on your [smart] phone,” Cichelli commented, “but at the time there wasn’t anything like that, particularly nothing that would sit on your desktop [computer]. So, in Pascal, I wrote some simple, little applications for him.”

That connection helped Cichelli wrangle SCS’s first credit card. Though initially turned down by American Express for lack of credit history, she recalled, “I wrote back to them and said, ‘We’re extending credit to a member of your executive staff and it would be nice if you could do the same for us.’” The tactic worked and the card was issued. “That’s the same American Express card we use to this day,” she said. “It’s the same account.”

Math in Her Blood

Although something of a math prodigy, Cichelli didn’t have any formal training in computer programming until after she graduated from college in 1968.The granddaughter of a University of Wisconsin math professor, Cichelli said that “it was kind of pre-ordained” that she would study math. “I did love math, especially Algebra,” she recalled. “Algebra was wonderful!”

Her grandfather – “a big guy in abstract algebra” who “wrote some parts of the Encyclopedia Brittanica” on the subject – had apparently instilled some of his own passion for his vocation into her, at a very early age. Although she had no personal recollection of it, Cichelli related a story told her by her mother, saying, “He taught me how to add fractions by suggesting I tear up pieces of paper and figure it out. So I figured out how to add a half and a third before I started school.”

By the time she was a grade school student at a tiny town in central Maine – “trudging through blizzards, uphill both ways” – she was essentially setting the curve for her classmates. “The teacher I had in fourth grade somehow was convinced that I would have a perfect paper in Arithmetic, which was not the case, and she would just mark mine 100% and grade everyone else’s from mine. I’d bring home this perfect paper and my mother would re-grade it,” Cichelli said, laughing.

Cichelli went on to study math under a scholarship at Wilmington College in Ohio, later transferring to Temple University in Pennsylvania, because Wilmington “only had one math professor” and at Temple “there was more variety.” Even at Temple, however, there was little opportunity for exposure to programming as a profession. “There was no Computer Science [program] at Temple when I was there,” Cichelli said. “They had one computer course and I never got to take it because it was [cancelled due to] ‘lack of interest.’”

Her first job out of college, though – at E. I. DuPont de Nemours Company in Wilmington, DE – was as an entry-level programmer, which afforded her “training from scratch.” She said, “Within a week, I couldn’t believe that they were actually paying me to have this much fun. I was hooked.”

While acknowledging that “Computer Science is now considered a male-dominated field,” she doesn’t recall it feeling that way when she entered the profession in the late ‘60s and early ‘70s. “It was at least 50:50 and maybe even more women than men.” She noted, however, “It wasn’t called ‘Computer Science’ then. I have a personal theory that as soon as it got the title ‘Science,’ it scared women off.”

Family Programming

By 1968, Cichelli had married her husband and future SCS collaborator, Richard, whom she had met in Delaware. He was renting the upstairs apartment in a house she shared with her mother and future step-father, and they crossed paths over a game of pool.

The two would discover a common interest in Computer Science. Richard had had a very early introduction to it, teaching himself – at age 14 – to write FORTRAN from an instruction book he had borrowed from his father, who was Engineering Research Director for the DuPont Company. “His dad said, ‘Oh, you want to run those programs?’” Martha recounted, and “took him over to the DuPont Experimental Station and let him run programs on the Sperry Rand UNIVAC I (the very first commercially manufactured computer)” – a $7 million playground for her then-adolescent future mate.

When he and Martha met, Richard was working as an architectural draftsman, helping design the building that housed the Computer Programming Institute of Delaware, from which he would later graduate. After their marriage, he went back to school and got a B.S. degree in Computer Science from the University of Delaware while Martha worked at DuPont. Richard subsequently went to work in the data processing department of a bank, “supervising the running of computer jobs. He made a name for himself there by greatly reducing the complexity of that process for them,” she said. “He applied, I guess you could say, Computer Science to that. He wasn’t writing software at that time.”

The couple eventually moved to Allentown, PA, where Richard had secured a position as a systems programmer for Lehigh University. Martha took a programming job with the Pennsylvania Power and Light (PP&L) Company, coding, she acknowledged, in new languages that “I never claimed to know.”

There were some barriers of sexism Martha encountered along the way. While applying for computing jobs in Allentown, PA, for example, she interviewed with a large manufacturing company that initially balked at placing her on a team designing software solutions, the interviewer admitting: “We’ve never had a woman analyst. You’d have to talk to the men out on the floor, and they can be pretty rough.” An offer did come, Martha recalled, but many months after she began working at PP&L.

The genesis of SCS came when Richard and Martha decided to start a family. “PP&L did not have part-time programming jobs and neither did anyone else that I could find,” Martha said. “I wanted to stay home with our new baby, but I wanted to stay active in computing. So, what could I do but start my own company?” Martha founded SCS in the fall of 1975 and their daughter, Sharon, was born in February of 1976.

Sharon, Martha recalled, “pretty much grew up with the company.” Martha brought her along on site visits, placing her in a car seat “parked behind the warm tape drives at a client’s.” As a preschooler, “she learned enough to write simple programs” – like adding two numbers together – “ which she claimed she ‘did not use to do her homework.’” During her high school and college years, she spent time at SCS writing documentation and testing programs – an experience that got her her first “real” job. “Eventually, she came to love writing software and is now a Lead Technical Analyst at a company in Austin, TX,” Martha said.

Leaving PP&L and starting her own company, Martha said, was not particularly a difficult transition “because I had a husband supporting me, and it wasn’t like I was on the verge of financial crisis with the business. It was more like a hobby, at first.”

“It was growing,” though, Martha noted. The company added another programmer and started employing summer interns – “another tradition that we continue to this day,” she said – and plunked down $20,000 for its first minicomputer, used to create Pascal Validation Suite distributions. “This was a big deal at the time,” Martha said. “This was my first experience negotiating a business loan from a bank.” Richard, who had meanwhile become an adjunct lecturer and co-director of the computer science program in the graduate school of mathematics at Lehigh University, was a member of a committee that wrote the official standards for the Pascal programming language and had become a very early evangelist for using Pascal in teaching programming.

Shift to Newspaper Orientation

At that time, the company didn’t yet have the orientation it has today as a vendor providing solutions and services primarily to the newspaper industry.

The first newspaper that hired SCS for consulting services was the Pottsville (PA) Republican,” Martha said. “They wanted to get into using these personal computers a little bit, and they had one” – a [Radio Shack] TRS-80. “They wanted to learn how to use it, [so] they sent us the computer and it sat in our offices, which were in our basement, and I learned how to use it and how to write programs for it and everything. And then I trained them a little bit on how to use it.”

It wasn’t until 1983 – when Richard officially joined the business – that the shift in orientation occurred. He had left his programming job at Lehigh to become the Research Manager of Computer Applications at the American Newspaper Publishers Association (ANPA) Research Institute. When ANPA – now called the Newspaper Association of America (NAA) – moved its headquarters from Easton, PA to Reston, VA, the couple decided not to relocate, and instead Richard joined forces with Martha at SCS.

As part of his job at ANPA, Richard had overseen development of an ad dummying system, Layout-80®, which was the precursor to SCS’s Layout-8000™. SCS was one of several companies that bought the rights to sell and install Layout-80, but it was the only one that enhanced the program and made the product its own, thanks to Richard and a few others from his staff at ANPA who had left to join SCS. The first newspaper to buy the product from SCS was the Fargo (ND) Forum, whose owner and publisher was the chairman of ANPA at the time. “Bill insisted on being SCS’s first customer for Layout-80,” Richard said. Layout-8000 is now on its 15th major version, and is currently in use at 1,500 publications in multiple countries, in five languages.

Along the way, SCS outgrew the Cichelli’s basement, and was the first company to become part of the Ben Franklin business incubation program, moving into offices on the Lehigh campus. It later “graduated” from there to a renovated four-room school house in Nazareth, PA and subsequently upgraded to a space in an office complex in Nazareth, large enough for its current staff of 20.

For a short while in the late 90’s and early aughts, Martha stepped back from the company, returning to school to earn a doctorate degree in behavioral neuroscience. “I learned so much in graduate school about psychology, behaviorism and research. The principles I learned apply everywhere – including SCS”, when she rejoined the company a few years later.

“We Are Customer Service”

The Cichellis pride themselves, above all things, on a company ethic devoted to customer service.

Helping newspapers recover from disaster is the most obvious and specific example. Martha recounted anecdotes about helping the Detroit Jewish News recover from a major fire in 2002, The Times-Picayune in New Orleans recover from Hurricane Katrina in 2005, and El Diario la Prensa in New York recover after the 9/11 terrorist attack on the World Trade Center. In each case, SCS set up emergency servers in temporary spaces, and made sure the papers were able to publish without interruption.

“Talk to anybody that’s one of our customers,” Martha said. “Our folks really care and will go the extra mile.”

What’s next for SCS and the Cichellis, aside from their current transitioning business model? Martha replied that she can’t see that far ahead. “When Richard bought the desk that he’s sitting at, he told the furniture guy – it was a used furniture company – he said, ‘I want a died-at-the-desk desk.’ One that looks like it has a little dent there where the guy was working on his last day and he fell forward and his head hit the desk. That’s what I want: a died-at-the-desk desk.’ And he has it.